Commit 648f551a authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

New -valid option to add a certificate to the ca index.txt that is valid and not revoked

parent 33a8de69

apps/ca.c

+18 −1
Original line number Diff line number Diff line
@@ -501,6 +501,12 @@ EF_ALIGNMENT=0; 
			infile= *(++argv);

			dorevoke=1;

			}

		else if (strcmp(*argv,"-valid") == 0)

			{

			if (--argc < 1) goto bad;

			infile= *(++argv);

			dorevoke=2;

			}

		else if (strcmp(*argv,"-extensions") == 0)

			{

			if (--argc < 1) goto bad;
@@ -1523,6 +1529,8 @@ bad: 
				NULL, e, infile);

			if (revcert == NULL)

				goto err;

			if (dorevoke == 2)

				rev_type = -1;

			j=do_revoke(revcert,db, rev_type, rev_arg);

			if (j <= 0) goto err;

			X509_free(revcert);
@@ -2486,6 +2494,9 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value) 
			}



		/* Revoke Certificate */

		if (type == -1)

			ok = 1;

		else

			ok = do_revoke(x509,db, type, value);



		goto err;
@@ -2497,6 +2508,12 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value) 
			   row[DB_name]);

		goto err;

		}

	else if (type == -1)

		{

		BIO_printf(bio_err,"ERROR:Already present, serial number %s\n",

			   row[DB_serial]);

		goto err;

		}

	else if (rrow[DB_type][0]=='R')

		{

		BIO_printf(bio_err,"ERROR:Already revoked, serial number %s\n",